Developing a Cyberattack Response Plan

This post first appeared on Risk Management Magazine. Read the original article.

Right now, somewhere in the United States, a cyberattack is happening. In fact, many cyberattacks are likely happening—which is why cybercrime damage costs are estimated to hit $6 trillion annually by 2021. Risk management professionals and executives are not only challenged by the volume of cyberthreats, but by their growing complexity as well.

The cost of ransomware attacks, for example, was predicted to exceed $5 billion in 2017, up more than fifteen-fold from 2015, as organizations grapple with not only how to prevent these attacks but also how to mitigate the financial losses and downtime they cause. Yet despite the trends, more than half (52%) of organizations that suffered successful cyberattacks in 2016 indicated in a Cybersecurity Ventures report that they would not make any changes to their security in 2017. And even for those that do update their cybersecurity plans, cyberattacks have become an inevitability for most organizations. As a result, developing a complete response plan for cyberattacks is essential to protecting your business and customers.

For enterprises developing a cyberattack response plan, consider these five strategies:

1. Be proactive, not reactive
The global average cost of a data breach is $3.62 million, according to the 12th annual Cost of Data Breach Study conducted by Ponemon Institute. Would you rather have a plan in place aimed at minimizing such losses should a cyber incident occur, or risk ending up in the growing majority of companies that have sustained attacks? Protecting your stakeholders should be of utmost priority, and the first step is having a plan ready. You will be grateful that you do when your servers are down, people are trying to reach you, and immediate action is required.

2. Assemble a team
Most organizations immediately turn to IT when thinking about cyberattacks. While IT is indeed a big part of the picture, it is just that: one piece. When a cyberattack occurs, its impact is felt across your entire organization.

A solid cyber response team begins with a trustworthy, authoritative leader who understands the importance of a cyberattack response plan, and who will advocate on its behalf to other key players. Additional team members must also be adaptable and capable of leading in a time of crisis. After all, there is no such thing as a straightforward cyberattack, and there is no such thing as a straightforward response.

3. Accept that your plan has a shelf life
Cybercriminals are constantly devising new ways to wreak havoc on organizations, whether they are global enterprises or small corporations. As a result, a plan that is effective today may be outdated tomorrow.

Team members should be tasked with keeping up with evolving best practices for the industry and adjusting the plan as necessary. All components of the cyberattack response plan should be evaluated regularly and updated if content becomes obsolete.

In addition to regularly assessing risks and threats to your organization’s cybersecurity, your response team should also routinely conduct incident response drills and regular testing under multiple scenarios to help identify and correct flaws in the plan, including everything from technology glitches to human error.

4. Make clarity the imperative
Ambiguity is the enemy of any strong incident response plan. Your cyberattack response plan, however frequently it might change to meet evolving internal and external threats, should be clearly defined and communicated across your entire organization. Every member of your team must not only understand the value of the plan, but also be certain of their specific role within it.

Clarity is aided by providing guidelines on the information that should be included in the response plan:

  • Define who the internal response team members are and what their roles will be
  • Identify key resources needed to execute the response plan effectively
  • Differentiate between the various types of data breaches and methods of attack
  • Create a checklist of action items so team members are not left guessing when a crisis occurs

5. Communication is key
Cyberthreats escalate quickly, so it is important to communicate often with employees and stakeholders on how to identify new threats. And it is not just the cyberthreats that are ever-changing: so is the technology being used. New devices, software, web services and cloud offerings introduce vulnerabilities that may not have existed before. Cyber response planning must keep pace by accounting for these shifts in adoption of new technology.

Unfortunately, in a time of crisis, not everyone can be relied upon to know what is happening or how to respond. Ransomware attacks are particularly problematic from a communications standpoint. According to an Intermedia report, about one-third (31%) of office workers admit they are not familiar with ransomware, despite the fact that 70% of office workers acknowledge their organization regularly communicates about cyberthreats and nearly one-third (30%) say their organization specifically highlighted the WannaCry ransomware attack as an example. Bottom line: every second you are not able to reach workers increases the risk that an employee could further expose the organization to a ransomware attack.

This is why communications must be an integral part of your risk management plan, beginning internally and extending outward to your entire network of key stakeholders. Your communication plan must be easily available and optimized for delivery—a particular challenge when computer systems are down and given the variety of ways people receive and share information in our digital age. A streamlined yet multichannel approach is essential for everything from getting ahead of the media to helping your customers gain access to the information they need to weather the storm.

With the ability to reach employees through text and phone, in addition to email, you reduce your risk significantly in the case of a network failure. Additionally, using a cloud-based service allows contact information to be accessible even if internal systems are down. By integrating with your contact database, you also ensure that contact information is always up-to-date.
